1. Field of the Invention
The present invention relates to generating processed traffic.
2. Description of Related Art
Networks such as the Internet provide a variety of data communicated using a variety of network devices including servers, routers, hubs, switches, and other devices. Before placing a network into use, the network, including the network devices included therein, may be tested to ensure successful operation. Network devices may be tested, for example, to ensure that they function as intended, comply with supported protocols, and can withstand anticipated traffic demands.
To assist with the construction, installation and maintenance of networks and network devices, networks may be augmented with network analyzing devices, network conformance systems, network monitoring devices, and network traffic generators, all of which are referred to herein as network testing systems. The network testing systems may allow for the sending, capturing and/or analyzing of network communications.
Current network traffic analysis tools and traffic generation systems exist as separate entities. Several techniques for gathering and analyzing network data exist. These techniques include direct playback of recorded data and synthetic generation of packet-based traffic.
Rapid advances in communication technology have accentuated the need for security in IP networks such as the Internet. To solve this problem, the IP Security Protocol (IPSEC) has been developed. IPSEC includes mechanisms to protect client protocols of IP and operates at the IP layer. IPSEC is a security protocol in the network layer which provides cryptographic security services that flexibly support combinations of authentication, integrity, access control and confidentiality. Work on IPSEC has focused on improvement of the Internet Key Exchange (IKE) and encapsulation protocols.
IPSEC uses strong cryptography to provide both authentication and encryption services. Authentication ensures that packets are from the right sender and have not been altered in transit. Encryption prevents unauthorized reading of packet contents. These services allow secure tunnels through untrusted networks to be built. Everything passing through the untrusted network is encrypted by an IPSEC gateway and decrypted by a gateway at the other end. The result is a Virtual Private Network (VPN). This is a network which is effectively private even though it includes machines at several different sites connected by the insecure Internet.
The IPSEC protocols were developed by the IETF (Internet Engineering Task Force), and it is believed that they will be required as part of IP Version Six. They are also being widely implemented for IP Version Four. In particular, nearly all vendors of any type of firewall or security software have IPSEC support either shipping or in development.
In an IPSEC tunnel, the relevant players are the endpoints (hosts) and the gateways. Traffic between hosts and gateways is clear application data. Traffic between gateways is subject to a series of operations described as the properties of the tunnel (authentication, encryption, encapsulation). In simplistic terms, an IPSEC VPN can be viewed as a combination of a left endpoint, a left gateway, a right gateway and a right endpoint.
Once an IPSEC tunnel has been established, traffic originating from the left endpoint and destined for the right is sent clear to the left gateway where it is processed/encapsulated and forwarded to the right gateway. The right gateway likewise processes and decapsulates it before sending the original clear traffic on to the right endpoint.
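The left-gateway/right-gateway flow described above can be sketched as follows. This is an added example, not part of the original disclosure; the keys, SPI, gateway addresses, packet layout and the HMAC-based keystream (a stand-in for a real ESP cipher) are assumptions made for illustration.

```python
import hashlib, hmac, struct

# Constructed values: keys, SPI and gateway addresses are illustrative only.
ENC_KEY, AUTH_KEY, SPI, ICV_LEN = b"k" * 32, b"a" * 32, 0x1001, 16
LEFT_GW, RIGHT_GW = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])

def _keystream_xor(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode. NOT a real ESP transform.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + struct.pack("!I", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def left_gateway(inner_packet, seq):
    """Encapsulate clear traffic: outer addrs | SPI | seq | ciphertext | ICV."""
    esp_hdr = struct.pack("!II", SPI, seq)
    body = esp_hdr + _keystream_xor(ENC_KEY, esp_hdr, inner_packet)
    icv = hmac.new(AUTH_KEY, body, hashlib.sha256).digest()[:ICV_LEN]
    return LEFT_GW + RIGHT_GW + body + icv

class RightGateway:
    def __init__(self):
        self.highest_seq = 0  # simplified anti-replay: sequence must increase

    def receive(self, tunnel_packet):
        """Authenticate first, then decrypt and return the original clear packet."""
        body, icv = tunnel_packet[8:-ICV_LEN], tunnel_packet[-ICV_LEN:]
        spi, seq = struct.unpack("!II", body[:8])
        if spi != SPI:
            raise ValueError("unknown SPI")
        expected = hmac.new(AUTH_KEY, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            raise ValueError("ICV mismatch: packet altered or wrong sender")
        if seq <= self.highest_seq:
            raise ValueError("replayed sequence number")
        self.highest_seq = seq
        return _keystream_xor(ENC_KEY, body[:8], body[8:])

if __name__ == "__main__":
    clear = b"left endpoint -> right endpoint: application data"  # constructed
    wire = left_gateway(clear, seq=1)
    print(wire.hex())
    print(RightGateway().receive(wire))
```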